search

psantos10 / sos

4 stars 0 forks source link

Update dependency axios to v0.21.1 [SECURITY] - autoclosed #101

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 3 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 0.19.2 -> 0.21.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Release Notes

axios/axios ### [`v0.21.1`](https://togithub.com/axios/axios/releases/tag/v0.21.1) [Compare Source](https://togithub.com/axios/axios/compare/v0.21.0...v0.21.1) ##### Fixes and Functionality: - Hotfix: Prevent SSRF ([#​3410](https://togithub.com/axios/axios/issues/3410)) - Protocol not parsed when setting proxy config from env vars ([#​3070](https://togithub.com/axios/axios/issues/3070)) - Updating axios in types to be lower case ([#​2797](https://togithub.com/axios/axios/issues/2797)) - Adding a type guard for `AxiosError` ([#​2949](https://togithub.com/axios/axios/issues/2949)) ##### Internal and Tests: - Remove the skipping of the `socket` http test ([#​3364](https://togithub.com/axios/axios/issues/3364)) - Use different socket for Win32 test ([#​3375](https://togithub.com/axios/axios/issues/3375)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Daniel Lopretto - Jason Kwok - Jay - Jonathan Foster - Remco Haszing - Xianming Zhong ### [`v0.21.0`](https://togithub.com/axios/axios/releases/tag/v0.21.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.20.0...v0.21.0) ##### Fixes and Functionality: - Fixing requestHeaders.Authorization ([#​3287](https://togithub.com/axios/axios/pull/3287)) - Fixing node types ([#​3237](https://togithub.com/axios/axios/pull/3237)) - Fixing axios.delete ignores config.data ([#​3282](https://togithub.com/axios/axios/pull/3282)) - Revert "Fixing overwrite Blob/File type as Content-Type in browser. ([#​1773](https://togithub.com/axios/axios/issues/1773))" ([#​3289](https://togithub.com/axios/axios/pull/3289)) - Fixing an issue that type 'null' and 'undefined' is not assignable to validateStatus when typescript strict option is enabled ([#​3200](https://togithub.com/axios/axios/pull/3200)) ##### Internal and Tests: - Lock travis to not use node v15 ([#​3361](https://togithub.com/axios/axios/pull/3361)) ##### Documentation: - Fixing simple typo, existant -> existent ([#​3252](https://togithub.com/axios/axios/pull/3252)) - Fixing typos ([#​3309](https://togithub.com/axios/axios/pull/3309)) Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub: - Allan Cruz <57270969+Allanbcruz@users.noreply.github.com> - George Cheng - Jay - Kevin Kirsche - Remco Haszing - Taemin Shin - Tim Gates - Xianming Zhong ### [`v0.20.0`](https://togithub.com/axios/axios/releases/tag/v0.20.0) [Compare Source](https://togithub.com/axios/axios/compare/v0.19.2...v0.20.0) Release of 0.20.0-pre as a full release with no other changes.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.